I’ve had a long if intermittent association with the Anti-Phishing Working Group, going back to the early noughties when I represented the UK’s National Health Service there for a while, and subsequently as an individual member and through my association with ESET. Its focus has widened from the relatively crude phishing emails of that time to embrace a wider range of cybercrime.

Sadly, I’ve never yet managed to get to one of the CeCOS (Counter eCrime Operations Summit) meetings with which APWG is associated. Unfortunately, the 6th CeCOS, to be held in Prague (one of my favourite cities…) between 25-27 April, is going to be no exception, since I have to be at Infosec Europe.

The conference will again look at operational issues and the development of communal resources for first responders and forensic professionals, as you may gather from some key presentations:

Toward a Universal eCrime Taxonomy for Industry and Law Enforcement; by Iain Swaine, Ensequrity.

Budapest Convention on Cybercrime: Transborder Law Enforcement Access to Data; by Alexander Seger, Director of the Data Protection and Cybercrime Division of the Council of Europe.

However, the working agenda includes plenty of other notable researchers and speakers like Jart Armin, Luis Corrons, Larry Bridwell and Gary Warner.

The conference defines its aims as “to identify common forensic needs, in terms of the data, tools, and communications protocols required to harmonize cybercrime response across borders and between private sector financial and industrial sector responders and public sector policy professionals and law enforcement.”

The deeper you dive into the fight against cybercrime, the more you realize that conferences like this play a vital role, albeit far from the public eye. It might be a mouthful to say: "communications protocols required to harmonize cybercrime response across borders and between private sector financial and industrial sector responders and public sector policy professionals and law enforcement." But those protocols are urgently needed and the diverse range of participants required to codify them are more likely to come together at an event like this than more formal gatherings.

David Harley

Indeed. It's easy to say "why doesn't someone just do something about [whatever something is]?", but the security industry owes a huge debt to those people who beaver away in AMTSO, IEEE, APWG and so on, often in addition to their regular jobs. And, of course, to the employers who sponsor their participation. Without all that, we'd be in the position of an army with lots of commandos and no cooks or drivers, or a health service with lots of doctors and nurses but no pharmacists or administrators.